Re: [TLS] Update on TLS 1.3 Middlebox Issues

Randy Bush <> Sun, 08 October 2017 21:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0B800134954 for <>; Sun, 8 Oct 2017 14:42:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rTs3O_hqE6XU for <>; Sun, 8 Oct 2017 14:42:20 -0700 (PDT)
Received: from ( [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F41DB1332CD for <>; Sun, 8 Oct 2017 14:42:19 -0700 (PDT)
Received: from localhost ([] by with esmtp (Exim 4.86_2) (envelope-from <>) id 1e1JKz-0002Rl-Cs; Sun, 08 Oct 2017 21:42:17 +0000
Date: Mon, 09 Oct 2017 06:42:15 +0900
Message-ID: <>
From: Randy Bush <>
To: Rich Salz <>
Cc: Transport Layer Surveillance WG <>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.2 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <>
Subject: Re: [TLS] Update on TLS 1.3 Middlebox Issues
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 08 Oct 2017 21:42:21 -0000

there are a lot of us lurkers out here a bit horrified watching this wg
go off the rails.

it would help if vendors of devices which break privacy would stop
speaking for 'datacenters' and let datacenters speak for themselves.  i
have not seen any doing so.  my $dayjob has >10 medium sized datacenters
serving everything from banks to telcos to scaled cloud services.  i can
not find folk in our datacenter groups who see a need to break e2e

if the interception proposals ensured that user is notified and able to
prevent session interception, then i would believe this.  but if they do
not, then let's face it, this is all about selling surveillance gear to
snooping enterprises and repressive regiemes where people with guns take
you away at 3am because your session was decoded.

can we please provide real end to end privacy or call this wg something